REMARKS 

The present Amendment amends claim 1; cancels claims 2-22 and adds new 
claims 23-29. Therefore, the present application has pending claims 1 and 23-29. 

Claims 1, 3 and 17-22 stand rejected under 35 USC §101 on the ground that the 
Examiner alleges that these claims are directed to a security design system, not an 
invention categorized in one of the permitted statutory classes. As indicated 
above, claims 3 and 17-22 were canceled. Therefore, this rejection with respect to 
claims 3 and 17-22 is rendered moot. 

This rejection with respect to the remaining claim 1 is traversed for the 
following reasons. Applicants submit that amendments were made to claim 1 so as 
to clarify that the present invention is directed to a security system design supporting 
method implemented in a security system design supporting tool including a 
processor which conducts processings on data stored in memory. Thus, the claims 
as amended are directed to a statutory machine and as such comply with 35 USC 
§101. Therefore, reconsideration and withdrawal of the rejection of claim 1 under 35 
USC §101 is respectfully requested. 

Claims 1, 3, 4, 7, 9, 10, 12, 13, 15, 17, 19, 20 and 21 stand rejected under 35 
USC §112, second paragraph as being indefinite for failing to particularly point out 
and distinctly claim the subject matter which Applicants regard as their invention. 
As indicated above, claims 2-22 were canceled. Therefore, the 35 USC §112, 
second paragraph rejection with respect to these claims is rendered moot. 

Amendments were made to the remaining claim 1 to bring it into conformity 
with the requirements of 35 USC §112, second paragraph. Therefore, this rejection 
with respect to claim 1 should be reconsidered and withdrawn. 

Amendments were made to claim 1 so as to clarify the description of the 
present invention regarding the protection profiles that are internationally registered 
and the protection profiles and security targets that are not internationally registered. 

The Examiner's cooperation is respectfully requested to contact Applicants' 
Attorney by telephone should any further indefinite matters be discovered so that 
appropriate amendments may be made. 

Claims 1-21 stand rejected under 35 USC §102(b) as being anticipated by 
Baskerville (article entitled "Information System Security Design Methods: 
Implementation for Information Systems Development"); and claim 22 stands 
rejected under 35 USC §102(e) as being anticipated by Penders (EP No. 1065861 
A1). As indicated above, claims 2-22 were canceled. Therefore, these rejections 
with respect to claims 2-22 are rendered moot. With respect to the remaining claim 
1, the 35 USC §102(b) rejection of claim 1 as being anticipated by Baskerville is 
traversed for the following reasons. Applicants submit that the features of the present 
invention as now recited in claim 1 are not taught or suggested by Baskerville 
whether taken individually or in combination with any of the other references of 
record. Therefore, Applicants respectfully request the Examiner to reconsider and 
withdraw this rejection. 

Amendments were made to claim 1 so as to more clearly recite that the 
present invention is directed to a security system design supporting method, 
implemented in a security system design supporting tool including a processor which 
conducts processings on data stored in memory, for supporting designing of security 
requirements of security specification based on international security evaluation 
criteria during planning/design of an information related product or an information 
system. 

According to the present invention as now more clearly recited in the claims, 
the security system design supporting method, includes providing, in the memory, a 
template case database for storing protection profiles (PPs) that have been 
internationally registered or PPs or STs (security targets) that have been generated, 
and that have not been internationally registered, in a class-tree structure based on 
an inheritance relation between types of products or systems as a target of 
evaluation (TOE) of the PPs or STs. 

Further, according to the present invention the method includes specifying, to 
the processor, PPs or STs related to the TOE by designating elements included in 
the products or systems, type and evaluation assurance level of the TOE and 
retrieving a relevant class-tree structure from the database, and generating, by the 
processor, a PP or ST draft of the TOE by integrally editing the contents of a 
definition of the PPs or STs. 

According to the present invention as to the generated PP or ST draft of the 
TOE, if the registered PPs or a local PPs matches PPs or STs retrieved from the 
database, then the retrieved PPs or STs are used, and if there are no matches then 
high order PPs or STs among the generated PPs or STs are retrieved based on an 
inheritance relation, thereby partially adding and correcting the PPs or STs. 

The above described features of the present invention now more clearly 
recited in claim 1 are not taught or suggested by Baskerville whether taken 
individually or in combination with any of the other references of record. 

Baskerville provides a survey of information system security design methods 
which allow a designer to design an information system with the appropriate security 
features. Baskerville first describes and discusses the advantages and 
disadvantages of check list type design approaches and mechanistic engineering 
methods which allow designers to perform a detailed examination of functional 
requirements of an information system. Particularly, Baskerville teaches the use of a 
profile table having a plurality of entries. 

Baskerville specifically teaches on pages 380-383 table 2, which includes the 
content and features of the check list procedure, and on pages 383-384 an equation 
for determining risk by multiplying P (probability of an exposure occurring) and C 
(cost or loss attributed to such exposure), both being two major elements of risk 
having the formula R = P × C. This formula as taught by Baskerville is used to 
calculate the risk of any particular design choice. 

Thus, it appears that Baskerville is simply an article which sets forth a survey 
of the available security design methods and does not provide an enabling 
disclosure relative to the different security design methods discussed therein. 

The present invention as recited in the claims is directed to a security system 
design supporting method which makes use of PPs and STs in the form of database 
templates. According to the present invention, the database templates use object 
oriented information models and a graphical user interface (GUI) is used so as to 
express the method to allow a user thereof to implement the design security method 
according to the present invention. The present invention makes designing such 
systems simpler and more efficient by providing templates which are selectable by 
the user. The selection of such templates allows for the appropriate PP or ST to be 
designated due to its matching with pre-stored PPs and STs. Thus, according to the 
present invention as recited in the claims, the user is allowed to specify PPs or STs 
related to a TOE by designating elements in the products or systems, type or 
evaluation assurance level of the TOE and retrieving a relevant class-tree structure 
from the database. In the present invention after such specifying, a PP or ST draft of 
the TOE is generated by allowing the editing of the contents of a definition of the 
specified PPs or STs. Such features clearly are not taught or suggested by 
Baskerville. 

Further, according to the present invention as recited in the claims, as to the 
generated PP or ST draft, if the registered PP or local PP matches a PP retrieved 
from the database, the retrieved PP is used. However, if the registered PP or the 
local PP does not match the retrieved PP, a high order PP among the generated PP 
is retrieved based on an inheritance relation. Such features are also not taught or 
suggested by Baskerville. 

Therefore, Baskerville fails to teach or suggest specifying, to the processor, 
the PPs or STs related to the TOE by designating elements included in the products 
or systems, types and evaluation assurance level of the TOE and retrieving a 
relevant class-tree structure from the database as recited in the claims. 

Further, Baskerville fails to teach or suggest generating, by the processor, a 
PP or ST draft of the TOE by integrally editing contents of a definition of the specified 
PPs or STs as recited in the claims. 

Still further, Baskerville fails to teach or suggest that as to the generated PP 
or ST draft of the TOE, if the registered PP or a local PP matches with a PP retrieved 
from the database, the retrieved PP is used, and if the registered PP or the PP does 
not match the retrieved PP, a higher order PP among the generated PP is retrieved 
based on an inheritance relation to thereby partially add and correct the PPs or STs 
as recited in the claims. 

Therefore, as is clear from the above, Baskerville does not teach or suggest 
the features of the present invention as now more clearly recited in the claims. 
Accordingly, reconsideration and withdrawal of the 35 USC §102(b) rejection of claim 
1 as being anticipated by Baskerville is respectfully requested. 

As indicated above, new claims 23-29 were added depending directly or 
indirectly on claim 1. Therefore, the same arguments presented above with respect 
to claim 1 apply as well to new claims 23-29. 

The remaining references of record have been studied. Applicants submit 
that they do not supply any of the deficiencies noted above with respect to the 
references utilized in the rejection of claims 1-22. 

In view of the foregoing amendments and remarks, applicants submit that 
claims 1 and 23-29 are in condition for allowance. Accordingly, early allowance of 
claims 1 and 23-29 is respectfully requested. 

To the extent necessary, the applicants petition for an extension of time under 
37 CFR 1.136. Please charge any shortage in fees due in connection with the filing 
of this paper, including extension of time fees, or credit any overpayment of fees, to 
the deposit account of MATTINGLY, STANGER, MALUR & BRUNDIDGE, P.C., 
Deposit Account No. 50-1417 (500.38895X00). 



Respectfully submitted, 



MATTINGLY, STANGER, MALUR & BRUNDIDGE, P.C. 



Carl I. Brundidge 
Registration No. 29,621 